Client Isolation on Wireless Networks

  • 2
  • Question
  • Updated 11 months ago
Is it possible to enable Client Isolation on SSID's that I have setup on HiveManager Online 6.8r4.
My wireless networks are setup with different VLAN ID's.

If I connect to one of the Wireless networks and do a network scan using Fing - I can see other devices that are connected, how do I restrict devices from seeing other devices.
Photo of Joshua Webster

Joshua Webster

  • 6 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 2
Photo of Christian Andreassen

Christian Andreassen

  • 3 Posts
  • 1 Reply Like
In you SSID config under Optional Settings, Traffic Filters - "Enable Inter-station Traffic" is disable that.

/Christian
Photo of Joshua Webster

Joshua Webster

  • 6 Posts
  • 0 Reply Likes
Thanks Christian!
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi both,

Please be mindful that this client isolation applies on a per-BSS basis. You have to use firewall rules if you want to protect/isolate clients in an ESS.

Regards,

Nick
(Edited)
Photo of Steve Kellogg

Steve Kellogg

  • 87 Posts
  • 2 Reply Likes
Hi, Nick,

This may be only tangentially connected (or not even), but I had wondered if client isolation would cut down on broadcast traffic.  I've got a pretty dense network and would like to eliminate any non-essential use of airtime.  Could you by any chance point me to info for achieving that goal?  I apologize if I shouldn't have jumped into this thread with this particular question.

Thanks,

Steve
Photo of Brian Powers

Brian Powers, Champ

  • 396 Posts
  • 92 Reply Likes
Look here for more info, http://docs.aerohive.com/330000/docs/guides/Aerohive_Ed-K-12-DeployGuide-2-Wireless-Access.pdf (page 8 specifically states that it can cut unwanted traffic down)

This is part of a 4 part series on how to optimize your configuration for K-12, but it can apply to most WLAN deployments.

The full series is located here, http://docs.aerohive.com/330000/docs/help/english/6.8r1/hm/full/help.htm#ref/doc.htm under the Deployment Guides section.

Note that this can have negative implications as well as when you cut inter-station traffic down, you are cutting access to any mDNS (Bonjour) possibly and if you use AirPlay or any other iOS device related sharing features, they may not work as advertised.
Photo of Steve Kellogg

Steve Kellogg

  • 87 Posts
  • 2 Reply Likes
Thanks - I really appreciate it!
Photo of Joshua Webster

Joshua Webster

  • 6 Posts
  • 0 Reply Likes
Hi Nick - please elaborate regarding it applying on a per-BSS basis?
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
I need to update this post as the information I posted above about this only applying to a BSS is not correct.

The roaming cache, via AMRP, is used to implement this feature so you should see it applying to the ESS.

Nick